Add basic parser for Outpost24 scan format #1750
Conversation
Don't forget about adding the fixture :)
@jvz test_type.json fixture that is ;-)
Also, a couple of additional tests for 1 finding and 0 findings, to follow on what is being done today. The Travis build is failing because of flake8; make sure you double-check on that.
Cheers!
fred
Signed-off-by: Matt Sicker <boards@gmail.com>
Alright, I've addressed those issues. There's still a little bit of code to add for the endpoints part, though I'll follow up with that later today. Let's make sure this part passes CI at least.
Seems to be a test failure still. I'll update later today.
Figured it out. @jeffret-b feel free to review now!
It will be nice to have a parser for this format to import findings when there is a need. I don't have a lot of experience in DefectDojo code, but the proposed changes here all look clean and correct.
from dojo.models import Test

class TestOutpost24Parser(TestCase):
Does it make sense to have at least one test that check the finding details?
You'd think so, but I didn't see any other tests doing that. 🤷♂
I agree that it doesn't seem to be common in these tests, so maybe it isn't valuable. I did find this example, though, that is doing something along those lines:
def check_parse_file_with_single_vulnerability_has_single_finding(self, parser):
@jvz is this comment in the original description still accurate? Is there still remaining work to be done?
I think the parsing could add a few items.
For example, the CVSS scores (probably both 2 and 3) and vectors could be added to the "Severity justification" field in DD. Also the <cvss_vector_description> could also be added or eventually appended to the overall description.
Also, the "References" field could eventually benefit from info in the <referencelist>.
What do you think?
When you merge this, please squash the history. Thanks!
Looks good to me, thanks for making these changes!
@jvz if you could upload that sample file as well in the sibling repo at https://github.com/DefectDojo/sample-scan-files, it would be great. Thanks!
Looks pretty neat. Dependency Check, amongst other scanners, does this using a dict. Ideally update nb_occurences in that case. It might be nice to use that falsepositive flag too, to fill in the according field in the DB.
Yes, I started from a real scan, removed several things, and didn't really update any summary statistics at the top as I wasn't sure how they're calculated by the tool itself. I'm not sure exactly what the
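The two review suggestions above (deduplicating repeated findings with a dict and bumping nb_occurences, honouring the falsepositive flag, and filling "Severity justification" and "References" from the CVSS and <referencelist> data) sketched as an added standalone example; this is not the PR's own parser. The sample XML is constructed, only <cvss_vector_description>, <referencelist> and the falsepositive flag come from the discussion, and every other element name, the title-based dedup key and the Finding stand-in class are assumptions.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample, not a real Outpost24 export. Element names other than
# cvss_vector_description, referencelist and falsepositive are assumptions.
SAMPLE_XML = """<main><detaillist>
  <detail><name>TLS 1.0 enabled</name><cvss_score>5.0</cvss_score>
    <cvss_vector>AV:N/AC:L/Au:N/C:P/I:N/A:N</cvss_vector>
    <cvss_vector_description>Network, low complexity</cvss_vector_description>
    <description>Legacy protocol offered.</description>
    <falsepositive>0</falsepositive>
    <referencelist><ref>https://example.invalid/tls</ref></referencelist>
  </detail>
  <detail><name>TLS 1.0 enabled</name><cvss_score>5.0</cvss_score>
    <falsepositive>0</falsepositive></detail>
  <detail><name>Self-signed certificate</name><cvss_score>2.6</cvss_score>
    <falsepositive>1</falsepositive></detail>
</detaillist></main>"""


@dataclass
class Finding:  # stand-in for dojo.models.Finding with the same field names
    title: str
    description: str
    severity_justification: str
    references: str
    false_p: bool
    nb_occurences: int = 1


def parse_outpost24(xml_text):
    """Return findings deduplicated by title (key choice is an assumption)."""
    findings = {}
    for detail in ET.fromstring(xml_text).iter("detail"):
        def text(tag):
            return (detail.findtext(tag) or "").strip()
        title = text("name")
        if title in findings:  # repeat of a known finding: count it, do not duplicate
            findings[title].nb_occurences += 1
            continue
        refs = [r.text.strip() for r in detail.iter("ref") if r.text]
        desc_parts = [text("description"), text("cvss_vector_description")]
        findings[title] = Finding(
            title=title,
            description="\n".join(p for p in desc_parts if p),
            severity_justification=f"CVSS {text('cvss_score')} {text('cvss_vector')}".strip(),
            references="\n".join(refs),
            false_p=text("falsepositive") == "1",  # maps the scanner flag to DD's false_p
        )
    return list(findings.values())
```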
@madchap @jeffret-b @Wadeck @daniel-beck